Fortinet black logo

online help

Home FortiCASB 20.1.0 online help
20.1.0
24.1.b
24.1.a
23.4.a
23.3.a
23.2.b
23.2.a
23.1.0
22.4.0
21.4.0
21.2.0
21.1.0
20.4.1
20.4.0
20.3.0
20.2.0
20.1.0
4.2.0
4.1.0
2.1.0

Create Google Service Account

Create Google Service Account

Make sure you create a service account for the G Suite account that will be linked to FortiCASB. A service account delegated with domain-wide authority is necessary for FortiCASB to visit files in both personal and team drives under your G Suite account.

Without the service account, you can still use FortiCASB. However, the features related to files in FortiCASB, such as Discovery, will not work.

For more information regarding service accounts and domain-wide authority delegation, go to: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority

Google Service Account Creation Steps:

  1. Go to https://console.developers.google.com and log in with your Google Account.
  2. Click on the drop-down menu of Select a project.

  3. Select an existing project or Create New Project by clicking New Project.

  4. Enter a Project Name and click Create.
  5. Once a project is created, from the Navigation menu, go to IAM & admin > Service accounts.

  6. Click +Create service account.
  7. Enter a "Service account name" of your preference and click create. Service account ID will populate automatically.
    8. Keep the service account ID later for Google drive authentication during installation.

  8. Click Continue when prompted for entering service account permissions.
  9. Click on +Create Key and select P12 to create a private key. The P12 private key will be downloaded automatically, then click Done.

    10. Keep the private key later for Google drive authentication during installation.
  10. Once service account is created, select the service account created and click on under Actions on the right-hand side, then click on Edit.

  11. Enable G Suite Domain-wide Delegation and enter in a Product name for the consent screen, then click Save.

  12. Select View Client ID from service account that was created, and record down the client ID.

Previous
Next

Create Google Service Account

Make sure you create a service account for the G Suite account that will be linked to FortiCASB. A service account delegated with domain-wide authority is necessary for FortiCASB to visit files in both personal and team drives under your G Suite account.

Without the service account, you can still use FortiCASB. However, the features related to files in FortiCASB, such as Discovery, will not work.

For more information regarding service accounts and domain-wide authority delegation, go to: https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority

Google Service Account Creation Steps:

  1. Go to https://console.developers.google.com and log in with your Google Account.
  2. Click on the drop-down menu of Select a project.

  3. Select an existing project or Create New Project by clicking New Project.

  4. Enter a Project Name and click Create.
  5. Once a project is created, from the Navigation menu, go to IAM & admin > Service accounts.

  6. Click +Create service account.
  7. Enter a "Service account name" of your preference and click create. Service account ID will populate automatically.
    8. Keep the service account ID later for Google drive authentication during installation.

  8. Click Continue when prompted for entering service account permissions.
  9. Click on +Create Key and select P12 to create a private key. The P12 private key will be downloaded automatically, then click Done.

    10. Keep the private key later for Google drive authentication during installation.
  10. Once service account is created, select the service account created and click on under Actions on the right-hand side, then click on Edit.

  11. Enable G Suite Domain-wide Delegation and enter in a Product name for the consent screen, then click Save.

  12. Select View Client ID from service account that was created, and record down the client ID.

Previous
Next